@nervmor/codexui 1.0.1 → 1.0.3

package/dist-cli/index.js

@@ -3,10 +3,10 @@
 // src/cli/index.ts
 import { createServer as createServer2 } from "http";
 import { chmodSync, createWriteStream, existsSync as existsSync3, mkdirSync } from "fs";
-import { readFile as readFile4 } from "fs/promises";
-import { homedir as homedir3, networkInterfaces } from "os";
-import { join as join5 } from "path";
-import { spawn as spawn3, spawnSync } from "child_process";
+import { readFile as readFile5 } from "fs/promises";
+import { homedir as homedir4, networkInterfaces } from "os";
+import { join as join6 } from "path";
+import { spawn as spawn4, spawnSync } from "child_process";
 import { createInterface } from "readline/promises";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import { dirname as dirname3 } from "path";
@@ -16,60 +16,721 @@ import qrcode from "qrcode-terminal";
 
 // src/server/httpServer.ts
 import { fileURLToPath } from "url";
-import { dirname as dirname2, extname as extname2, isAbsolute as isAbsolute2, join as join4 } from "path";
+import { dirname as dirname2, extname as extname2, isAbsolute as isAbsolute2, join as join5 } from "path";
 import { existsSync as existsSync2 } from "fs";
-import { writeFile as writeFile3, stat as stat4 } from "fs/promises";
+import { writeFile as writeFile4, stat as stat5 } from "fs/promises";
 import express from "express";
 
 // src/server/codexAppServerBridge.ts
-import { spawn as spawn2 } from "child_process";
+import { spawn as spawn3 } from "child_process";
 import { randomBytes } from "crypto";
-import { mkdtemp as mkdtemp2, readFile as readFile2, mkdir as mkdir2, stat as stat2 } from "fs/promises";
+import { mkdtemp as mkdtemp3, readFile as readFile3, mkdir as mkdir3, stat as stat3 } from "fs/promises";
 import { request as httpsRequest } from "https";
-import { homedir as homedir2 } from "os";
-import { tmpdir as tmpdir2 } from "os";
-import { basename, isAbsolute, join as join2, resolve } from "path";
-import { writeFile as writeFile2 } from "fs/promises";
+import { homedir as homedir3 } from "os";
+import { tmpdir as tmpdir3 } from "os";
+import { basename, isAbsolute, join as join3, resolve } from "path";
+import { writeFile as writeFile3 } from "fs/promises";
 
-// src/server/skillsRoutes.ts
+// src/server/accountRoutes.ts
 import { spawn } from "child_process";
-import { mkdtemp, readFile, readdir, rm, mkdir, stat, lstat, readlink, symlink } from "fs/promises";
-import { existsSync } from "fs";
+import { createHash } from "crypto";
+import { mkdtemp, mkdir, readFile, rm, stat, writeFile } from "fs/promises";
 import { homedir, tmpdir } from "os";
 import { join } from "path";
-import { writeFile } from "fs/promises";
+var APP_SERVER_ARGS = [
+  "app-server",
+  "-c",
+  'approval_policy="never"',
+  "-c",
+  'sandbox_mode="danger-full-access"'
+];
+var ACCOUNT_QUOTA_REFRESH_TTL_MS = 5 * 60 * 1e3;
+var backgroundRefreshPromise = null;
 function asRecord(value) {
   return value !== null && typeof value === "object" && !Array.isArray(value) ? value : null;
 }
+function readString(value) {
+  return typeof value === "string" && value.trim().length > 0 ? value.trim() : null;
+}
+function readNumber(value) {
+  return typeof value === "number" && Number.isFinite(value) ? value : null;
+}
+function readBoolean(value) {
+  return typeof value === "boolean" ? value : null;
+}
+function setJson(res, statusCode, payload) {
+  res.statusCode = statusCode;
+  res.setHeader("Content-Type", "application/json; charset=utf-8");
+  res.end(JSON.stringify(payload));
+}
 function getErrorMessage(payload, fallback) {
   if (payload instanceof Error && payload.message.trim().length > 0) {
     return payload.message;
   }
   const record = asRecord(payload);
+  const error = record?.error;
+  if (typeof error === "string" && error.trim().length > 0) {
+    return error.trim();
+  }
+  if (typeof record?.message === "string" && record.message.trim().length > 0) {
+    return record.message.trim();
+  }
+  return fallback;
+}
+function getCodexHomeDir() {
+  const codexHome = process.env.CODEX_HOME?.trim();
+  return codexHome && codexHome.length > 0 ? codexHome : join(homedir(), ".codex");
+}
+function getActiveAuthPath() {
+  return join(getCodexHomeDir(), "auth.json");
+}
+function getAccountsStatePath() {
+  return join(getCodexHomeDir(), "accounts.json");
+}
+function getAccountsSnapshotRoot() {
+  return join(getCodexHomeDir(), "accounts");
+}
+function toStorageId(accountId) {
+  return createHash("sha256").update(accountId).digest("hex");
+}
+function normalizeRateLimitWindow(value) {
+  const record = asRecord(value);
+  if (!record) return null;
+  const usedPercent = readNumber(record.usedPercent ?? record.used_percent);
+  if (usedPercent === null) return null;
+  return {
+    usedPercent,
+    windowMinutes: readNumber(record.windowDurationMins ?? record.window_minutes),
+    resetsAt: readNumber(record.resetsAt ?? record.resets_at)
+  };
+}
+function normalizeCreditsSnapshot(value) {
+  const record = asRecord(value);
+  if (!record) return null;
+  const hasCredits = readBoolean(record.hasCredits ?? record.has_credits);
+  const unlimited = readBoolean(record.unlimited);
+  if (hasCredits === null || unlimited === null) return null;
+  return {
+    hasCredits,
+    unlimited,
+    balance: readString(record.balance)
+  };
+}
+function normalizeRateLimitSnapshot(value) {
+  const record = asRecord(value);
+  if (!record) return null;
+  const primary = normalizeRateLimitWindow(record.primary);
+  const secondary = normalizeRateLimitWindow(record.secondary);
+  const credits = normalizeCreditsSnapshot(record.credits);
+  if (!primary && !secondary && !credits) return null;
+  return {
+    limitId: readString(record.limitId ?? record.limit_id),
+    limitName: readString(record.limitName ?? record.limit_name),
+    primary,
+    secondary,
+    credits,
+    planType: readString(record.planType ?? record.plan_type)
+  };
+}
+function pickCodexRateLimitSnapshot(payload) {
+  const record = asRecord(payload);
+  if (!record) return null;
+  const rateLimitsByLimitId = asRecord(record.rateLimitsByLimitId ?? record.rate_limits_by_limit_id);
+  const codexBucket = normalizeRateLimitSnapshot(rateLimitsByLimitId?.codex);
+  if (codexBucket) return codexBucket;
+  return normalizeRateLimitSnapshot(record.rateLimits ?? record.rate_limits);
+}
+function normalizeStoredAccountEntry(value) {
+  const record = asRecord(value);
+  const accountId = readString(record?.accountId);
+  const storageId = readString(record?.storageId);
+  const lastRefreshedAtIso = readString(record?.lastRefreshedAtIso);
+  const quotaStatusRaw = readString(record?.quotaStatus);
+  const quotaStatus = quotaStatusRaw === "loading" || quotaStatusRaw === "ready" || quotaStatusRaw === "error" ? quotaStatusRaw : "idle";
+  if (!accountId || !storageId || !lastRefreshedAtIso) return null;
+  return {
+    accountId,
+    storageId,
+    authMode: readString(record?.authMode),
+    email: readString(record?.email),
+    planType: readString(record?.planType),
+    lastRefreshedAtIso,
+    lastActivatedAtIso: readString(record?.lastActivatedAtIso),
+    quotaSnapshot: normalizeRateLimitSnapshot(record?.quotaSnapshot),
+    quotaUpdatedAtIso: readString(record?.quotaUpdatedAtIso),
+    quotaStatus,
+    quotaError: readString(record?.quotaError)
+  };
+}
+async function readStoredAccountsState() {
+  try {
+    const raw = await readFile(getAccountsStatePath(), "utf8");
+    const parsed = asRecord(JSON.parse(raw));
+    const activeAccountId = readString(parsed?.activeAccountId);
+    const rawAccounts = Array.isArray(parsed?.accounts) ? parsed.accounts : [];
+    const accounts = rawAccounts.map((entry) => normalizeStoredAccountEntry(entry)).filter((entry) => entry !== null);
+    return { activeAccountId, accounts };
+  } catch {
+    return { activeAccountId: null, accounts: [] };
+  }
+}
+async function writeStoredAccountsState(state) {
+  await writeFile(getAccountsStatePath(), JSON.stringify(state, null, 2), { encoding: "utf8", mode: 384 });
+}
+function withUpsertedAccount(state, nextEntry) {
+  const rest = state.accounts.filter((entry) => entry.accountId !== nextEntry.accountId);
+  return {
+    activeAccountId: state.activeAccountId,
+    accounts: [nextEntry, ...rest]
+  };
+}
+function sortAccounts(accounts, activeAccountId) {
+  return [...accounts].sort((left, right) => {
+    const leftActive = left.accountId === activeAccountId ? 1 : 0;
+    const rightActive = right.accountId === activeAccountId ? 1 : 0;
+    if (leftActive !== rightActive) return rightActive - leftActive;
+    return right.lastRefreshedAtIso.localeCompare(left.lastRefreshedAtIso);
+  });
+}
+function toPublicAccountEntry(entry, activeAccountId) {
+  return {
+    ...entry,
+    isActive: entry.accountId === activeAccountId
+  };
+}
+function decodeBase64UrlJson(input) {
+  try {
+    const normalized = input.replace(/-/g, "+").replace(/_/g, "/");
+    const padding = normalized.length % 4 === 0 ? "" : "=".repeat(4 - normalized.length % 4);
+    const raw = Buffer.from(`${normalized}${padding}`, "base64").toString("utf8");
+    const parsed = JSON.parse(raw);
+    return asRecord(parsed);
+  } catch {
+    return null;
+  }
+}
+function extractTokenMetadata(accessToken) {
+  if (!accessToken || typeof accessToken !== "string") {
+    return { email: null, planType: null };
+  }
+  const parts = accessToken.split(".");
+  if (parts.length < 2) {
+    return { email: null, planType: null };
+  }
+  const payload = decodeBase64UrlJson(parts[1] ?? "");
+  const profile = asRecord(payload?.["https://api.openai.com/profile"]);
+  const auth = asRecord(payload?.["https://api.openai.com/auth"]);
+  return {
+    email: typeof profile?.email === "string" && profile.email.trim().length > 0 ? profile.email.trim() : null,
+    planType: typeof auth?.chatgpt_plan_type === "string" && auth.chatgpt_plan_type.trim().length > 0 ? auth.chatgpt_plan_type.trim() : null
+  };
+}
+async function readAuthFileFromPath(path) {
+  const raw = await readFile(path, "utf8");
+  const parsed = JSON.parse(raw);
+  const accountId = parsed.tokens?.account_id?.trim() ?? "";
+  if (!accountId) {
+    throw new Error("missing_account_id");
+  }
+  return {
+    raw,
+    parsed,
+    accountId,
+    authMode: typeof parsed.auth_mode === "string" && parsed.auth_mode.trim().length > 0 ? parsed.auth_mode.trim() : null,
+    metadata: extractTokenMetadata(parsed.tokens?.access_token)
+  };
+}
+function getSnapshotPath(storageId) {
+  return join(getAccountsSnapshotRoot(), storageId, "auth.json");
+}
+async function writeSnapshot(storageId, raw) {
+  const dir = join(getAccountsSnapshotRoot(), storageId);
+  await mkdir(dir, { recursive: true, mode: 448 });
+  await writeFile(getSnapshotPath(storageId), raw, { encoding: "utf8", mode: 384 });
+}
+async function readRuntimeAccountMetadata(appServer) {
+  const payload = asRecord(await appServer.rpc("account/read", { refreshToken: false }));
+  const account = asRecord(payload?.account);
+  return {
+    email: typeof account?.email === "string" && account.email.trim().length > 0 ? account.email.trim() : null,
+    planType: typeof account?.planType === "string" && account.planType.trim().length > 0 ? account.planType.trim() : null
+  };
+}
+async function validateSwitchedAccount(appServer) {
+  const metadata = await readRuntimeAccountMetadata(appServer);
+  const quotaPayload = await appServer.rpc("account/rateLimits/read", null);
+  return {
+    metadata,
+    quotaSnapshot: pickCodexRateLimitSnapshot(quotaPayload)
+  };
+}
+async function restoreActiveAuth(raw) {
+  const path = getActiveAuthPath();
+  if (raw === null) {
+    await rm(path, { force: true });
+    return;
+  }
+  await writeFile(path, raw, { encoding: "utf8", mode: 384 });
+}
+async function fileExists(path) {
+  try {
+    await stat(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function withTemporaryCodexAppServer(authRaw, run) {
+  const tempCodexHome = await mkdtemp(join(tmpdir(), "codexui-account-"));
+  const authPath = join(tempCodexHome, "auth.json");
+  await writeFile(authPath, authRaw, { encoding: "utf8", mode: 384 });
+  const proc = spawn("codex", [...APP_SERVER_ARGS], {
+    env: { ...process.env, CODEX_HOME: tempCodexHome },
+    stdio: ["pipe", "pipe", "pipe"]
+  });
+  let disposed = false;
+  let initialized = false;
+  let initializePromise = null;
+  let readBuffer = "";
+  let nextId = 1;
+  const pending = /* @__PURE__ */ new Map();
+  const rejectAllPending = (error) => {
+    for (const request of pending.values()) {
+      request.reject(error);
+    }
+    pending.clear();
+  };
+  proc.stdout.setEncoding("utf8");
+  proc.stdout.on("data", (chunk) => {
+    readBuffer += chunk;
+    let lineEnd = readBuffer.indexOf("\n");
+    while (lineEnd !== -1) {
+      const line = readBuffer.slice(0, lineEnd).trim();
+      readBuffer = readBuffer.slice(lineEnd + 1);
+      if (line.length > 0) {
+        try {
+          const message = JSON.parse(line);
+          if (typeof message.id === "number" && pending.has(message.id)) {
+            const current = pending.get(message.id);
+            pending.delete(message.id);
+            if (!current) {
+              lineEnd = readBuffer.indexOf("\n");
+              continue;
+            }
+            if (message.error?.message) {
+              current.reject(new Error(message.error.message));
+            } else {
+              current.resolve(message.result);
+            }
+          }
+        } catch {
+        }
+      }
+      lineEnd = readBuffer.indexOf("\n");
+    }
+  });
+  proc.stderr.setEncoding("utf8");
+  proc.stderr.on("data", () => {
+  });
+  proc.on("error", (error) => {
+    rejectAllPending(error instanceof Error ? error : new Error("codex app-server failed to start"));
+  });
+  proc.on("exit", () => {
+    if (disposed) return;
+    rejectAllPending(new Error("codex app-server exited unexpectedly"));
+  });
+  const sendLine = (payload) => {
+    proc.stdin.write(`${JSON.stringify(payload)}
+`);
+  };
+  const call = async (method, params) => {
+    const id = nextId++;
+    return await new Promise((resolve2, reject) => {
+      pending.set(id, { resolve: resolve2, reject });
+      sendLine({
+        jsonrpc: "2.0",
+        id,
+        method,
+        params
+      });
+    });
+  };
+  const ensureInitialized = async () => {
+    if (initialized) return;
+    if (initializePromise) {
+      await initializePromise;
+      return;
+    }
+    initializePromise = call("initialize", {
+      clientInfo: {
+        name: "codexui-account-refresh",
+        version: "0.1.0"
+      },
+      capabilities: {
+        experimentalApi: true
+      }
+    }).then(() => {
+      sendLine({
+        jsonrpc: "2.0",
+        method: "initialized"
+      });
+      initialized = true;
+    }).finally(() => {
+      initializePromise = null;
+    });
+    await initializePromise;
+  };
+  const dispose = async () => {
+    if (disposed) return;
+    disposed = true;
+    rejectAllPending(new Error("codex app-server stopped"));
+    try {
+      proc.stdin.end();
+    } catch {
+    }
+    try {
+      proc.kill("SIGTERM");
+    } catch {
+    }
+    await rm(tempCodexHome, { recursive: true, force: true });
+  };
+  try {
+    await ensureInitialized();
+    return await run(call);
+  } finally {
+    await dispose();
+  }
+}
+async function inspectStoredAccount(entry) {
+  const snapshotPath = getSnapshotPath(entry.storageId);
+  const authRaw = await readFile(snapshotPath, "utf8");
+  return await withTemporaryCodexAppServer(authRaw, async (rpc) => {
+    const accountPayload = asRecord(await rpc("account/read", { refreshToken: false }));
+    const account = asRecord(accountPayload?.account);
+    const quotaPayload = await rpc("account/rateLimits/read", null);
+    return {
+      metadata: {
+        email: typeof account?.email === "string" && account.email.trim().length > 0 ? account.email.trim() : entry.email,
+        planType: typeof account?.planType === "string" && account.planType.trim().length > 0 ? account.planType.trim() : entry.planType
+      },
+      quotaSnapshot: pickCodexRateLimitSnapshot(quotaPayload)
+    };
+  });
+}
+function shouldRefreshAccountQuota(entry) {
+  if (entry.quotaStatus === "loading") return false;
+  if (!entry.quotaUpdatedAtIso) return true;
+  const updatedAtMs = Date.parse(entry.quotaUpdatedAtIso);
+  if (!Number.isFinite(updatedAtMs)) return true;
+  return Date.now() - updatedAtMs >= ACCOUNT_QUOTA_REFRESH_TTL_MS;
+}
+async function replaceStoredAccount(nextEntry, activeAccountId) {
+  const state = await readStoredAccountsState();
+  const nextState = withUpsertedAccount({
+    activeAccountId,
+    accounts: state.accounts
+  }, nextEntry);
+  await writeStoredAccountsState({
+    activeAccountId,
+    accounts: nextState.accounts
+  });
+}
+async function refreshAccountsInBackground(accountIds, activeAccountId) {
+  for (const accountId of accountIds) {
+    const state = await readStoredAccountsState();
+    const entry = state.accounts.find((item) => item.accountId === accountId);
+    if (!entry) continue;
+    try {
+      const inspected = await inspectStoredAccount(entry);
+      await replaceStoredAccount({
+        ...entry,
+        email: inspected.metadata.email ?? entry.email,
+        planType: inspected.metadata.planType ?? entry.planType,
+        quotaSnapshot: inspected.quotaSnapshot ?? entry.quotaSnapshot,
+        quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+        quotaStatus: "ready",
+        quotaError: null
+      }, activeAccountId);
+    } catch (error) {
+      await replaceStoredAccount({
+        ...entry,
+        quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+        quotaStatus: "error",
+        quotaError: getErrorMessage(error, "Failed to refresh account quota")
+      }, activeAccountId);
+    }
+  }
+}
+async function scheduleAccountsBackgroundRefresh(options = {}) {
+  const state = await readStoredAccountsState();
+  if (state.accounts.length === 0) return state;
+  if (backgroundRefreshPromise) return state;
+  const allowedIds = options.accountIds ? new Set(options.accountIds) : null;
+  const candidates = state.accounts.filter((entry) => !allowedIds || allowedIds.has(entry.accountId)).filter((entry) => options.force === true || shouldRefreshAccountQuota(entry)).sort((left, right) => {
+    const prioritize = options.prioritizeAccountId ?? "";
+    const leftPriority = left.accountId === prioritize ? 1 : 0;
+    const rightPriority = right.accountId === prioritize ? 1 : 0;
+    if (leftPriority !== rightPriority) return rightPriority - leftPriority;
+    return 0;
+  });
+  if (candidates.length === 0) return state;
+  const candidateIds = new Set(candidates.map((entry) => entry.accountId));
+  const markedState = {
+    activeAccountId: state.activeAccountId,
+    accounts: state.accounts.map((entry) => candidateIds.has(entry.accountId) ? {
+      ...entry,
+      quotaStatus: "loading",
+      quotaError: null
+    } : entry)
+  };
+  await writeStoredAccountsState(markedState);
+  backgroundRefreshPromise = refreshAccountsInBackground(
+    candidates.map((entry) => entry.accountId),
+    markedState.activeAccountId
+  ).finally(() => {
+    backgroundRefreshPromise = null;
+  });
+  return markedState;
+}
+async function importAccountFromAuthPath(path) {
+  const imported = await readAuthFileFromPath(path);
+  const storageId = toStorageId(imported.accountId);
+  await writeSnapshot(storageId, imported.raw);
+  const state = await readStoredAccountsState();
+  const existing = state.accounts.find((entry) => entry.accountId === imported.accountId) ?? null;
+  const nextEntry = {
+    accountId: imported.accountId,
+    storageId,
+    authMode: imported.authMode,
+    email: imported.metadata.email ?? existing?.email ?? null,
+    planType: imported.metadata.planType ?? existing?.planType ?? null,
+    lastRefreshedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+    lastActivatedAtIso: existing?.lastActivatedAtIso ?? null,
+    quotaSnapshot: existing?.quotaSnapshot ?? null,
+    quotaUpdatedAtIso: existing?.quotaUpdatedAtIso ?? null,
+    quotaStatus: existing?.quotaStatus ?? "idle",
+    quotaError: existing?.quotaError ?? null
+  };
+  const nextState = withUpsertedAccount(state, nextEntry);
+  await writeStoredAccountsState(nextState);
+  return {
+    activeAccountId: nextState.activeAccountId,
+    importedAccountId: imported.accountId,
+    accounts: sortAccounts(nextState.accounts, nextState.activeAccountId).map((entry) => toPublicAccountEntry(entry, nextState.activeAccountId))
+  };
+}
+async function handleAccountRoutes(req, res, url, context) {
+  const { appServer } = context;
+  if (req.method === "GET" && url.pathname === "/codex-api/accounts") {
+    const state = await scheduleAccountsBackgroundRefresh();
+    setJson(res, 200, {
+      data: {
+        activeAccountId: state.activeAccountId,
+        accounts: sortAccounts(state.accounts, state.activeAccountId).map((entry) => toPublicAccountEntry(entry, state.activeAccountId))
+      }
+    });
+    return true;
+  }
+  if (req.method === "GET" && url.pathname === "/codex-api/accounts/active") {
+    const state = await readStoredAccountsState();
+    const active = state.activeAccountId ? state.accounts.find((entry) => entry.accountId === state.activeAccountId) ?? null : null;
+    setJson(res, 200, {
+      data: active ? toPublicAccountEntry(active, state.activeAccountId) : null
+    });
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/accounts/refresh") {
+    try {
+      const imported = await importAccountFromAuthPath(getActiveAuthPath());
+      try {
+        appServer.dispose();
+        const inspection = await validateSwitchedAccount(appServer);
+        const state = await readStoredAccountsState();
+        const importedAccountId = imported.importedAccountId;
+        const target = state.accounts.find((entry) => entry.accountId === importedAccountId) ?? null;
+        if (!target) {
+          throw new Error("account_not_found");
+        }
+        const nextEntry = {
+          ...target,
+          email: inspection.metadata.email ?? target.email,
+          planType: inspection.metadata.planType ?? target.planType,
+          lastActivatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaSnapshot: inspection.quotaSnapshot ?? target.quotaSnapshot,
+          quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaStatus: "ready",
+          quotaError: null
+        };
+        const nextState = withUpsertedAccount({
+          activeAccountId: importedAccountId,
+          accounts: state.accounts
+        }, nextEntry);
+        await writeStoredAccountsState({
+          activeAccountId: importedAccountId,
+          accounts: nextState.accounts
+        });
+        const backgroundState = await scheduleAccountsBackgroundRefresh({
+          force: true,
+          prioritizeAccountId: importedAccountId,
+          accountIds: nextState.accounts.filter((entry) => entry.accountId !== importedAccountId).map((entry) => entry.accountId)
+        });
+        setJson(res, 200, {
+          data: {
+            activeAccountId: importedAccountId,
+            importedAccountId,
+            accounts: sortAccounts(backgroundState.accounts, importedAccountId).map((entry) => toPublicAccountEntry(entry, importedAccountId))
+          }
+        });
+      } catch (error) {
+        setJson(res, 502, {
+          error: "account_refresh_failed",
+          message: getErrorMessage(error, "Failed to refresh account")
+        });
+      }
+    } catch (error) {
+      const message = getErrorMessage(error, "Failed to refresh account");
+      if (message === "missing_account_id") {
+        setJson(res, 400, { error: "missing_account_id", message: "Current auth.json is missing tokens.account_id." });
+        return true;
+      }
+      setJson(res, 400, { error: "invalid_auth_json", message: "Failed to parse the current auth.json file." });
+    }
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/accounts/switch") {
+    try {
+      if (appServer.listPendingServerRequests().length > 0) {
+        setJson(res, 409, {
+          error: "account_switch_blocked",
+          message: "Finish pending approval requests before switching accounts."
+        });
+        return true;
+      }
+      const rawBody = await new Promise((resolve2, reject) => {
+        let body = "";
+        req.setEncoding("utf8");
+        req.on("data", (chunk) => {
+          body += chunk;
+        });
+        req.on("end", () => resolve2(body));
+        req.on("error", reject);
+      });
+      const payload = asRecord(rawBody.length > 0 ? JSON.parse(rawBody) : {});
+      const accountId = typeof payload?.accountId === "string" ? payload.accountId.trim() : "";
+      if (!accountId) {
+        setJson(res, 400, { error: "account_not_found", message: "Missing accountId." });
+        return true;
+      }
+      const state = await readStoredAccountsState();
+      const target = state.accounts.find((entry) => entry.accountId === accountId) ?? null;
+      if (!target) {
+        setJson(res, 404, { error: "account_not_found", message: "The requested account was not found." });
+        return true;
+      }
+      const snapshotPath = getSnapshotPath(target.storageId);
+      if (!await fileExists(snapshotPath)) {
+        setJson(res, 404, { error: "account_not_found", message: "The requested account snapshot is missing." });
+        return true;
+      }
+      let previousRaw = null;
+      try {
+        previousRaw = await readFile(getActiveAuthPath(), "utf8");
+      } catch {
+        previousRaw = null;
+      }
+      const targetRaw = await readFile(snapshotPath, "utf8");
+      await writeFile(getActiveAuthPath(), targetRaw, { encoding: "utf8", mode: 384 });
+      try {
+        appServer.dispose();
+        const inspection = await validateSwitchedAccount(appServer);
+        const nextEntry = {
+          ...target,
+          email: inspection.metadata.email ?? target.email,
+          planType: inspection.metadata.planType ?? target.planType,
+          lastActivatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaSnapshot: inspection.quotaSnapshot ?? target.quotaSnapshot,
+          quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaStatus: "ready",
+          quotaError: null
+        };
+        const nextState = withUpsertedAccount({
+          activeAccountId: accountId,
+          accounts: state.accounts
+        }, nextEntry);
+        await writeStoredAccountsState({
+          activeAccountId: accountId,
+          accounts: nextState.accounts
+        });
+        void scheduleAccountsBackgroundRefresh({
+          force: true,
+          prioritizeAccountId: accountId,
+          accountIds: nextState.accounts.filter((entry) => entry.accountId !== accountId).map((entry) => entry.accountId)
+        });
+        setJson(res, 200, {
+          ok: true,
+          data: {
+            activeAccountId: accountId,
+            account: toPublicAccountEntry(nextEntry, accountId)
+          }
+        });
+      } catch (error) {
+        await restoreActiveAuth(previousRaw);
+        appServer.dispose();
+        setJson(res, 502, {
+          error: "account_switch_failed",
+          message: getErrorMessage(error, "Failed to switch account")
+        });
+      }
+    } catch (error) {
+      setJson(res, 400, {
+        error: "invalid_auth_json",
+        message: getErrorMessage(error, "Failed to switch account")
+      });
+    }
+    return true;
+  }
+  return false;
+}
+
+// src/server/skillsRoutes.ts
+import { spawn as spawn2 } from "child_process";
+import { mkdtemp as mkdtemp2, readFile as readFile2, readdir, rm as rm2, mkdir as mkdir2, stat as stat2, lstat, readlink, symlink } from "fs/promises";
+import { existsSync } from "fs";
+import { homedir as homedir2, tmpdir as tmpdir2 } from "os";
+import { join as join2 } from "path";
+import { writeFile as writeFile2 } from "fs/promises";
+function asRecord2(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value) ? value : null;
+}
+function getErrorMessage2(payload, fallback) {
+  if (payload instanceof Error && payload.message.trim().length > 0) {
+    return payload.message;
+  }
+  const record = asRecord2(payload);
   if (!record) return fallback;
   const error = record.error;
   if (typeof error === "string" && error.length > 0) return error;
-  const nestedError = asRecord(error);
+  const nestedError = asRecord2(error);
   if (nestedError && typeof nestedError.message === "string" && nestedError.message.length > 0) {
     return nestedError.message;
   }
   return fallback;
 }
-function setJson(res, statusCode, payload) {
+function setJson2(res, statusCode, payload) {
   res.statusCode = statusCode;
   res.setHeader("Content-Type", "application/json; charset=utf-8");
   res.end(JSON.stringify(payload));
 }
-function getCodexHomeDir() {
+function getCodexHomeDir2() {
   const codexHome = process.env.CODEX_HOME?.trim();
-  return codexHome && codexHome.length > 0 ? codexHome : join(homedir(), ".codex");
+  return codexHome && codexHome.length > 0 ? codexHome : join2(homedir2(), ".codex");
 }
 function getSkillsInstallDir() {
-  return join(getCodexHomeDir(), "skills");
+  return join2(getCodexHomeDir2(), "skills");
 }
 async function runCommand(command, args, options = {}) {
   await new Promise((resolve2, reject) => {
-    const proc = spawn(command, args, {
+    const proc = spawn2(command, args, {
       cwd: options.cwd,
       env: process.env,
       stdio: ["ignore", "pipe", "pipe"]
@@ -96,7 +757,7 @@ async function runCommand(command, args, options = {}) {
 }
 async function runCommandWithOutput(command, args, options = {}) {
   return await new Promise((resolve2, reject) => {
-    const proc = spawn(command, args, {
+    const proc = spawn2(command, args, {
       cwd: options.cwd,
       env: process.env,
       stdio: ["ignore", "pipe", "pipe"]
@@ -152,7 +813,7 @@ var skillsTreeCache = null;
 var metaCache = /* @__PURE__ */ new Map();
 async function getGhToken() {
   try {
-    const proc = spawn("gh", ["auth", "token"], { stdio: ["ignore", "pipe", "ignore"] });
+    const proc = spawn2("gh", ["auth", "token"], { stdio: ["ignore", "pipe", "ignore"] });
     let out = "";
     proc.stdout.on("data", (d) => {
       out += d.toString();
@@ -255,9 +916,9 @@ async function scanInstalledSkillsFromDisk() {
     const entries = await readdir(skillsDir, { withFileTypes: true });
     for (const entry of entries) {
       if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
-      const skillMd = join(skillsDir, entry.name, "SKILL.md");
+      const skillMd = join2(skillsDir, entry.name, "SKILL.md");
       try {
-        await stat(skillMd);
+        await stat2(skillMd);
         map.set(entry.name, { name: entry.name, path: skillMd, enabled: true });
       } catch {
       }
@@ -267,11 +928,11 @@ async function scanInstalledSkillsFromDisk() {
   return map;
 }
 function getSkillsSyncStatePath() {
-  return join(getCodexHomeDir(), "skills-sync.json");
+  return join2(getCodexHomeDir2(), "skills-sync.json");
 }
 async function readSkillsSyncState() {
   try {
-    const raw = await readFile(getSkillsSyncStatePath(), "utf8");
+    const raw = await readFile2(getSkillsSyncStatePath(), "utf8");
     const parsed = JSON.parse(raw);
     return parsed && typeof parsed === "object" ? parsed : {};
   } catch {
@@ -279,7 +940,7 @@ async function readSkillsSyncState() {
   }
 }
 async function writeSkillsSyncState(state) {
-  await writeFile(getSkillsSyncStatePath(), JSON.stringify(state), "utf8");
+  await writeFile2(getSkillsSyncStatePath(), JSON.stringify(state), "utf8");
 }
 async function getGithubJson(url, token, method = "GET", body) {
   const resp = await fetch(url, {
@@ -402,7 +1063,7 @@ async function ensurePrivateForkFromUpstream(token, username, repoName) {
   }
   if (!ready) throw new Error("Private mirror repo was created but is not available yet");
   if (!created) return;
-  const tmp = await mkdtemp(join(tmpdir(), "codex-skills-seed-"));
+  const tmp = await mkdtemp2(join2(tmpdir2(), "codex-skills-seed-"));
   try {
     const upstreamUrl = `https://github.com/${SYNC_UPSTREAM_SKILLS_OWNER}/${SYNC_UPSTREAM_SKILLS_REPO}.git`;
     const branch = getPreferredSyncBranch();
@@ -419,7 +1080,7 @@ async function ensurePrivateForkFromUpstream(token, username, repoName) {
     }
     await runCommand("git", ["push", "-u", "origin", `HEAD:${branch}`], { cwd: tmp });
   } finally {
-    await rm(tmp, { recursive: true, force: true });
+    await rm2(tmp, { recursive: true, force: true });
   }
 }
 async function readRemoteSkillsManifest(token, repoOwner, repoName) {
@@ -440,7 +1101,7 @@ async function readRemoteSkillsManifest(token, repoOwner, repoName) {
   if (!Array.isArray(parsed)) return [];
   const skills = [];
   for (const row of parsed) {
-    const item = asRecord(row);
+    const item = asRecord2(row);
     const owner = typeof item?.owner === "string" ? item.owner : "";
     const name = typeof item?.name === "string" ? item.name : "";
     if (!name) continue;
@@ -475,11 +1136,11 @@ function toGitHubTokenRemote(repoOwner, repoName, token) {
 }
 async function ensureSkillsWorkingTreeRepo(repoUrl, branch) {
   const localDir = getSkillsInstallDir();
-  await mkdir(localDir, { recursive: true });
-  const gitDir = join(localDir, ".git");
+  await mkdir2(localDir, { recursive: true });
+  const gitDir = join2(localDir, ".git");
   let hasGitDir = false;
   try {
-    hasGitDir = (await stat(gitDir)).isDirectory();
+    hasGitDir = (await stat2(gitDir)).isDirectory();
   } catch {
     hasGitDir = false;
   }
@@ -591,7 +1252,7 @@ async function walkFileMtimes(rootDir, currentDir, out) {
   for (const entry of entries) {
     const entryName = String(entry.name);
     if (entryName === ".git") continue;
-    const absolutePath = join(currentDir, entryName);
+    const absolutePath = join2(currentDir, entryName);
     const relativePath = absolutePath.slice(rootDir.length + 1);
     if (entry.isDirectory()) {
       await walkFileMtimes(rootDir, absolutePath, out);
@@ -599,7 +1260,7 @@ async function walkFileMtimes(rootDir, currentDir, out) {
     }
     if (!entry.isFile()) continue;
     try {
-      const info = await stat(absolutePath);
+      const info = await stat2(absolutePath);
       out.set(relativePath, info.mtimeMs);
     } catch {
     }
@@ -684,41 +1345,41 @@ async function autoPushSyncedSkills(appServer) {
   await syncInstalledSkillsFolderToRepo(state.githubToken, state.repoOwner, state.repoName, installedMap);
 }
 async function ensureCodexAgentsSymlinkToSkillsAgents() {
-  const codexHomeDir = getCodexHomeDir();
-  const skillsAgentsPath = join(codexHomeDir, "skills", "AGENTS.md");
-  const codexAgentsPath = join(codexHomeDir, "AGENTS.md");
-  await mkdir(join(codexHomeDir, "skills"), { recursive: true });
+  const codexHomeDir = getCodexHomeDir2();
+  const skillsAgentsPath = join2(codexHomeDir, "skills", "AGENTS.md");
+  const codexAgentsPath = join2(codexHomeDir, "AGENTS.md");
+  await mkdir2(join2(codexHomeDir, "skills"), { recursive: true });
   let copiedFromCodex = false;
   try {
     const codexAgentsStat = await lstat(codexAgentsPath);
     if (codexAgentsStat.isFile() || codexAgentsStat.isSymbolicLink()) {
-      const content = await readFile(codexAgentsPath, "utf8");
-      await writeFile(skillsAgentsPath, content, "utf8");
+      const content = await readFile2(codexAgentsPath, "utf8");
+      await writeFile2(skillsAgentsPath, content, "utf8");
       copiedFromCodex = true;
     } else {
-      await rm(codexAgentsPath, { force: true, recursive: true });
+      await rm2(codexAgentsPath, { force: true, recursive: true });
     }
   } catch {
   }
   if (!copiedFromCodex) {
     try {
-      const skillsAgentsStat = await stat(skillsAgentsPath);
+      const skillsAgentsStat = await stat2(skillsAgentsPath);
       if (!skillsAgentsStat.isFile()) {
-        await rm(skillsAgentsPath, { force: true, recursive: true });
-        await writeFile(skillsAgentsPath, "", "utf8");
+        await rm2(skillsAgentsPath, { force: true, recursive: true });
+        await writeFile2(skillsAgentsPath, "", "utf8");
       }
     } catch {
-      await writeFile(skillsAgentsPath, "", "utf8");
+      await writeFile2(skillsAgentsPath, "", "utf8");
     }
   }
-  const relativeTarget = join("skills", "AGENTS.md");
+  const relativeTarget = join2("skills", "AGENTS.md");
   try {
     const current = await lstat(codexAgentsPath);
     if (current.isSymbolicLink()) {
       const existingTarget = await readlink(codexAgentsPath);
       if (existingTarget === relativeTarget) return;
     }
-    await rm(codexAgentsPath, { force: true, recursive: true });
+    await rm2(codexAgentsPath, { force: true, recursive: true });
   } catch {
   }
   await symlink(relativeTarget, codexAgentsPath);
@@ -768,7 +1429,7 @@ async function initializeSkillsSyncOnStartup(appServer) {
     startupSyncStatus.lastSuccessAtIso = (/* @__PURE__ */ new Date()).toISOString();
     startupSyncStatus.lastAction = "startup-sync-complete";
   } catch (error) {
-    startupSyncStatus.lastError = getErrorMessage(error, "startup-sync-failed");
+    startupSyncStatus.lastError = getErrorMessage2(error, "startup-sync-failed");
     startupSyncStatus.lastAction = "startup-sync-failed";
   } finally {
     startupSyncStatus.inProgress = false;
@@ -849,15 +1510,15 @@ async function handleSkillsRoutes(req, res, url, context) {
         installed.push({ ...base, installed: true, path: info.path, enabled: info.enabled });
       }
       const results = await searchSkillsHub(allEntries, q, limit, sort, installedMap);
-      setJson(res, 200, { data: results, installed, total: allEntries.length });
+      setJson2(res, 200, { data: results, installed, total: allEntries.length });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to fetch skills hub") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to fetch skills hub") });
     }
     return true;
   }
   if (req.method === "GET" && url.pathname === "/codex-api/skills-sync/status") {
     const state = await readSkillsSyncState();
-    setJson(res, 200, {
+    setJson2(res, 200, {
       data: {
         loggedIn: Boolean(state.githubToken),
         githubUsername: state.githubUsername ?? "",
@@ -880,25 +1541,25 @@ async function handleSkillsRoutes(req, res, url, context) {
   if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/start-login") {
     try {
       const started = await startGithubDeviceLogin();
-      setJson(res, 200, { data: started });
+      setJson2(res, 200, { data: started });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to start GitHub login") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to start GitHub login") });
     }
     return true;
   }
   if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/token-login") {
     try {
-      const payload = asRecord(await readJsonBody2(req));
+      const payload = asRecord2(await readJsonBody2(req));
       const token = typeof payload?.token === "string" ? payload.token.trim() : "";
       if (!token) {
-        setJson(res, 400, { error: "Missing GitHub token" });
+        setJson2(res, 400, { error: "Missing GitHub token" });
         return true;
       }
       const username = await resolveGithubUsername(token);
       await finalizeGithubLoginAndSync(token, username, appServer);
-      setJson(res, 200, { ok: true, data: { githubUsername: username } });
+      setJson2(res, 200, { ok: true, data: { githubUsername: username } });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to login with GitHub token") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to login with GitHub token") });
     }
     return true;
   }
@@ -912,31 +1573,31 @@ async function handleSkillsRoutes(req, res, url, context) {
         repoOwner: void 0,
         repoName: void 0
       });
-      setJson(res, 200, { ok: true });
+      setJson2(res, 200, { ok: true });
     } catch (error) {
-      setJson(res, 500, { error: getErrorMessage(error, "Failed to logout GitHub") });
+      setJson2(res, 500, { error: getErrorMessage2(error, "Failed to logout GitHub") });
     }
     return true;
   }
   if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/complete-login") {
     try {
-      const payload = asRecord(await readJsonBody2(req));
+      const payload = asRecord2(await readJsonBody2(req));
       const deviceCode = typeof payload?.deviceCode === "string" ? payload.deviceCode : "";
       if (!deviceCode) {
-        setJson(res, 400, { error: "Missing deviceCode" });
+        setJson2(res, 400, { error: "Missing deviceCode" });
         return true;
       }
       const result = await completeGithubDeviceLogin(deviceCode);
       if (!result.token) {
-        setJson(res, 200, { ok: false, pending: result.error === "authorization_pending", error: result.error || "login_failed" });
+        setJson2(res, 200, { ok: false, pending: result.error === "authorization_pending", error: result.error || "login_failed" });
         return true;
       }
       const token = result.token;
       const username = await resolveGithubUsername(token);
       await finalizeGithubLoginAndSync(token, username, appServer);
-      setJson(res, 200, { ok: true, data: { githubUsername: username } });
+      setJson2(res, 200, { ok: true, data: { githubUsername: username } });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to complete GitHub login") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to complete GitHub login") });
     }
     return true;
   }
@@ -944,20 +1605,20 @@ async function handleSkillsRoutes(req, res, url, context) {
     try {
       const state = await readSkillsSyncState();
       if (!state.githubToken || !state.repoOwner || !state.repoName) {
-        setJson(res, 400, { error: "Skills sync is not configured yet" });
+        setJson2(res, 400, { error: "Skills sync is not configured yet" });
         return true;
       }
       if (isUpstreamSkillsRepo(state.repoOwner, state.repoName)) {
-        setJson(res, 400, { error: "Refusing to push to upstream repository" });
+        setJson2(res, 400, { error: "Refusing to push to upstream repository" });
         return true;
       }
       const local = await collectLocalSyncedSkills(appServer);
       const installedMap = await scanInstalledSkillsFromDisk();
       await writeRemoteSkillsManifest(state.githubToken, state.repoOwner, state.repoName, local);
       await syncInstalledSkillsFolderToRepo(state.githubToken, state.repoOwner, state.repoName, installedMap);
-      setJson(res, 200, { ok: true, data: { synced: local.length } });
+      setJson2(res, 200, { ok: true, data: { synced: local.length } });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to push synced skills") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to push synced skills") });
     }
     return true;
   }
@@ -970,7 +1631,7 @@ async function handleSkillsRoutes(req, res, url, context) {
           await appServer.rpc("skills/list", { forceReload: true });
         } catch {
         }
-        setJson(res, 200, { ok: true, data: { synced: 0, source: "upstream" } });
+        setJson2(res, 200, { ok: true, data: { synced: 0, source: "upstream" } });
         return true;
       }
       const remote = await readRemoteSkillsManifest(state.githubToken, state.repoOwner, state.repoName);
@@ -1009,13 +1670,13 @@ async function handleSkillsRoutes(req, res, url, context) {
             "git"
           ]);
         }
-        const skillPath = join(localDir, skill.name);
+        const skillPath = join2(localDir, skill.name);
         await appServer.rpc("skills/config/write", { path: skillPath, enabled: skill.enabled });
       }
       const remoteNames = new Set(remote.map((row) => row.name));
       for (const [name, localInfo] of localSkills.entries()) {
         if (!remoteNames.has(name)) {
-          await rm(localInfo.path.replace(/\/SKILL\.md$/, ""), { recursive: true, force: true });
+          await rm2(localInfo.path.replace(/\/SKILL\.md$/, ""), { recursive: true, force: true });
         }
       }
       const nextOwners = {};
@@ -1028,9 +1689,9 @@ async function handleSkillsRoutes(req, res, url, context) {
         await appServer.rpc("skills/list", { forceReload: true });
       } catch {
       }
-      setJson(res, 200, { ok: true, data: { synced: remote.length } });
+      setJson2(res, 200, { ok: true, data: { synced: remote.length } });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to pull synced skills") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to pull synced skills") });
     }
     return true;
   }
@@ -1039,26 +1700,26 @@ async function handleSkillsRoutes(req, res, url, context) {
       const owner = url.searchParams.get("owner") || "";
       const name = url.searchParams.get("name") || "";
       if (!owner || !name) {
-        setJson(res, 400, { error: "Missing owner or name" });
+        setJson2(res, 400, { error: "Missing owner or name" });
         return true;
       }
       const rawUrl = `https://raw.githubusercontent.com/${HUB_SKILLS_OWNER}/${HUB_SKILLS_REPO}/main/skills/${owner}/${name}/SKILL.md`;
       const resp = await fetch(rawUrl);
       if (!resp.ok) throw new Error(`Failed to fetch SKILL.md: ${resp.status}`);
       const content = await resp.text();
-      setJson(res, 200, { content });
+      setJson2(res, 200, { content });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to fetch SKILL.md") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to fetch SKILL.md") });
     }
     return true;
   }
   if (req.method === "POST" && url.pathname === "/codex-api/skills-hub/install") {
     try {
-      const payload = asRecord(await readJsonBody2(req));
+      const payload = asRecord2(await readJsonBody2(req));
       const owner = typeof payload?.owner === "string" ? payload.owner : "";
       const name = typeof payload?.name === "string" ? payload.name : "";
       if (!owner || !name) {
-        setJson(res, 400, { error: "Missing owner or name" });
+        setJson2(res, 400, { error: "Missing owner or name" });
         return true;
       }
       const installerScript = "/Users/igor/.cursor/skills/.system/skill-installer/scripts/install-skill-from-github.py";
@@ -1074,29 +1735,29 @@ async function handleSkillsRoutes(req, res, url, context) {
         "--method",
         "git"
       ]);
-      const skillDir = join(installDest, name);
+      const skillDir = join2(installDest, name);
       await ensureInstalledSkillIsValid(appServer, skillDir);
       const syncState = await readSkillsSyncState();
       const nextOwners = { ...syncState.installedOwners ?? {}, [name]: owner };
       await writeSkillsSyncState({ ...syncState, installedOwners: nextOwners });
       await autoPushSyncedSkills(appServer);
-      setJson(res, 200, { ok: true, path: skillDir });
+      setJson2(res, 200, { ok: true, path: skillDir });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to install skill") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to install skill") });
     }
     return true;
   }
   if (req.method === "POST" && url.pathname === "/codex-api/skills-hub/uninstall") {
     try {
-      const payload = asRecord(await readJsonBody2(req));
+      const payload = asRecord2(await readJsonBody2(req));
       const name = typeof payload?.name === "string" ? payload.name : "";
       const path = typeof payload?.path === "string" ? payload.path : "";
-      const target = path || (name ? join(getSkillsInstallDir(), name) : "");
+      const target = path || (name ? join2(getSkillsInstallDir(), name) : "");
       if (!target) {
-        setJson(res, 400, { error: "Missing name or path" });
+        setJson2(res, 400, { error: "Missing name or path" });
         return true;
       }
-      await rm(target, { recursive: true, force: true });
+      await rm2(target, { recursive: true, force: true });
       if (name) {
         const syncState = await readSkillsSyncState();
         const nextOwners = { ...syncState.installedOwners ?? {} };
@@ -1108,9 +1769,9 @@ async function handleSkillsRoutes(req, res, url, context) {
         await appServer.rpc("skills/list", { forceReload: true });
       } catch {
       }
-      setJson(res, 200, { ok: true, deletedPath: target });
+      setJson2(res, 200, { ok: true, deletedPath: target });
     } catch (error) {
-      setJson(res, 502, { error: getErrorMessage(error, "Failed to uninstall skill") });
+      setJson2(res, 502, { error: getErrorMessage2(error, "Failed to uninstall skill") });
     }
     return true;
   }
@@ -1118,38 +1779,38 @@ async function handleSkillsRoutes(req, res, url, context) {
 }
 
 // src/server/codexAppServerBridge.ts
-function asRecord2(value) {
+function asRecord3(value) {
   return value !== null && typeof value === "object" && !Array.isArray(value) ? value : null;
 }
-function getErrorMessage2(payload, fallback) {
+function getErrorMessage3(payload, fallback) {
   if (payload instanceof Error && payload.message.trim().length > 0) {
     return payload.message;
   }
-  const record = asRecord2(payload);
+  const record = asRecord3(payload);
   if (!record) return fallback;
   const error = record.error;
   if (typeof error === "string" && error.length > 0) return error;
-  const nestedError = asRecord2(error);
+  const nestedError = asRecord3(error);
   if (nestedError && typeof nestedError.message === "string" && nestedError.message.length > 0) {
     return nestedError.message;
   }
   return fallback;
 }
-function setJson2(res, statusCode, payload) {
+function setJson3(res, statusCode, payload) {
   res.statusCode = statusCode;
   res.setHeader("Content-Type", "application/json; charset=utf-8");
   res.end(JSON.stringify(payload));
 }
 function extractThreadMessageText(threadReadPayload) {
-  const payload = asRecord2(threadReadPayload);
-  const thread = asRecord2(payload?.thread);
+  const payload = asRecord3(threadReadPayload);
+  const thread = asRecord3(payload?.thread);
   const turns = Array.isArray(thread?.turns) ? thread.turns : [];
   const parts = [];
   for (const turn of turns) {
-    const turnRecord = asRecord2(turn);
+    const turnRecord = asRecord3(turn);
     const items = Array.isArray(turnRecord?.items) ? turnRecord.items : [];
     for (const item of items) {
-      const itemRecord = asRecord2(item);
+      const itemRecord = asRecord3(item);
       const type = typeof itemRecord?.type === "string" ? itemRecord.type : "";
       if (type === "agentMessage" && typeof itemRecord?.text === "string" && itemRecord.text.trim().length > 0) {
         parts.push(itemRecord.text.trim());
@@ -1158,7 +1819,7 @@ function extractThreadMessageText(threadReadPayload) {
       if (type === "userMessage") {
         const content = Array.isArray(itemRecord?.content) ? itemRecord.content : [];
         for (const block of content) {
-          const blockRecord = asRecord2(block);
+          const blockRecord = asRecord3(block);
           if (blockRecord?.type === "text" && typeof blockRecord.text === "string" && blockRecord.text.trim().length > 0) {
             parts.push(blockRecord.text.trim());
           }
@@ -1194,7 +1855,7 @@ function scoreFileCandidate(path, query) {
 }
 async function listFilesWithRipgrep(cwd) {
   return await new Promise((resolve2, reject) => {
-    const proc = spawn2("rg", ["--files", "--hidden", "-g", "!.git", "-g", "!node_modules"], {
+    const proc = spawn3("rg", ["--files", "--hidden", "-g", "!.git", "-g", "!node_modules"], {
       cwd,
       env: process.env,
       stdio: ["ignore", "pipe", "pipe"]
@@ -1219,13 +1880,13 @@ async function listFilesWithRipgrep(cwd) {
     });
   });
 }
-function getCodexHomeDir2() {
+function getCodexHomeDir3() {
   const codexHome = process.env.CODEX_HOME?.trim();
-  return codexHome && codexHome.length > 0 ? codexHome : join2(homedir2(), ".codex");
+  return codexHome && codexHome.length > 0 ? codexHome : join3(homedir3(), ".codex");
 }
 async function runCommand2(command, args, options = {}) {
   await new Promise((resolve2, reject) => {
-    const proc = spawn2(command, args, {
+    const proc = spawn3(command, args, {
       cwd: options.cwd,
       env: process.env,
       stdio: ["ignore", "pipe", "pipe"]
@@ -1251,19 +1912,19 @@ async function runCommand2(command, args, options = {}) {
   });
 }
 function isMissingHeadError(error) {
-  const message = getErrorMessage2(error, "").toLowerCase();
+  const message = getErrorMessage3(error, "").toLowerCase();
   return message.includes("not a valid object name: 'head'") || message.includes("not a valid object name: head") || message.includes("invalid reference: head");
 }
 function isNotGitRepositoryError(error) {
-  const message = getErrorMessage2(error, "").toLowerCase();
+  const message = getErrorMessage3(error, "").toLowerCase();
   return message.includes("not a git repository") || message.includes("fatal: not a git repository");
 }
 async function ensureRepoHasInitialCommit(repoRoot) {
-  const agentsPath = join2(repoRoot, "AGENTS.md");
+  const agentsPath = join3(repoRoot, "AGENTS.md");
   try {
-    await stat2(agentsPath);
+    await stat3(agentsPath);
   } catch {
-    await writeFile2(agentsPath, "", "utf8");
+    await writeFile3(agentsPath, "", "utf8");
   }
   await runCommand2("git", ["add", "AGENTS.md"], { cwd: repoRoot });
   await runCommand2(
@@ -1274,7 +1935,7 @@ async function ensureRepoHasInitialCommit(repoRoot) {
 }
 async function runCommandCapture(command, args, options = {}) {
   return await new Promise((resolve2, reject) => {
-    const proc = spawn2(command, args, {
+    const proc = spawn3(command, args, {
       cwd: options.cwd,
       env: process.env,
       stdio: ["ignore", "pipe", "pipe"]
@@ -1320,11 +1981,11 @@ function normalizeStringRecord(value) {
   return next;
 }
 function getCodexAuthPath() {
-  return join2(getCodexHomeDir2(), "auth.json");
+  return join3(getCodexHomeDir3(), "auth.json");
 }
 async function readCodexAuth() {
   try {
-    const raw = await readFile2(getCodexAuthPath(), "utf8");
+    const raw = await readFile3(getCodexAuthPath(), "utf8");
     const auth = JSON.parse(raw);
     const token = auth.tokens?.access_token;
     if (!token) return null;
@@ -1334,13 +1995,13 @@ async function readCodexAuth() {
   }
 }
 function getCodexGlobalStatePath() {
-  return join2(getCodexHomeDir2(), ".codex-global-state.json");
+  return join3(getCodexHomeDir3(), ".codex-global-state.json");
 }
 var MAX_THREAD_TITLES = 500;
 function normalizeThreadTitleCache(value) {
-  const record = asRecord2(value);
+  const record = asRecord3(value);
   if (!record) return { titles: {}, order: [] };
-  const rawTitles = asRecord2(record.titles);
+  const rawTitles = asRecord3(record.titles);
   const titles = {};
   if (rawTitles) {
     for (const [k, v] of Object.entries(rawTitles)) {
@@ -1366,8 +2027,8 @@ function removeFromThreadTitleCache(cache, id) {
 async function readThreadTitleCache() {
   const statePath = getCodexGlobalStatePath();
   try {
-    const raw = await readFile2(statePath, "utf8");
-    const payload = asRecord2(JSON.parse(raw)) ?? {};
+    const raw = await readFile3(statePath, "utf8");
+    const payload = asRecord3(JSON.parse(raw)) ?? {};
     return normalizeThreadTitleCache(payload["thread-titles"]);
   } catch {
     return { titles: {}, order: [] };
@@ -1377,21 +2038,21 @@ async function writeThreadTitleCache(cache) {
   const statePath = getCodexGlobalStatePath();
   let payload = {};
   try {
-    const raw = await readFile2(statePath, "utf8");
-    payload = asRecord2(JSON.parse(raw)) ?? {};
+    const raw = await readFile3(statePath, "utf8");
+    payload = asRecord3(JSON.parse(raw)) ?? {};
   } catch {
     payload = {};
   }
   payload["thread-titles"] = cache;
-  await writeFile2(statePath, JSON.stringify(payload), "utf8");
+  await writeFile3(statePath, JSON.stringify(payload), "utf8");
 }
 async function readWorkspaceRootsState() {
   const statePath = getCodexGlobalStatePath();
   let payload = {};
   try {
-    const raw = await readFile2(statePath, "utf8");
+    const raw = await readFile3(statePath, "utf8");
     const parsed = JSON.parse(raw);
-    payload = asRecord2(parsed) ?? {};
+    payload = asRecord3(parsed) ?? {};
   } catch {
     payload = {};
   }
@@ -1405,15 +2066,15 @@ async function writeWorkspaceRootsState(nextState) {
   const statePath = getCodexGlobalStatePath();
   let payload = {};
   try {
-    const raw = await readFile2(statePath, "utf8");
-    payload = asRecord2(JSON.parse(raw)) ?? {};
+    const raw = await readFile3(statePath, "utf8");
+    payload = asRecord3(JSON.parse(raw)) ?? {};
   } catch {
     payload = {};
   }
   payload["electron-saved-workspace-roots"] = normalizeStringArray(nextState.order);
   payload["electron-workspace-root-labels"] = normalizeStringRecord(nextState.labels);
   payload["active-workspace-roots"] = normalizeStringArray(nextState.active);
-  await writeFile2(statePath, JSON.stringify(payload), "utf8");
+  await writeFile3(statePath, JSON.stringify(payload), "utf8");
 }
 async function readJsonBody(req) {
   const raw = await readRawBody(req);
@@ -1451,7 +2112,7 @@ function handleFileUpload(req, res) {
       const contentType = req.headers["content-type"] ?? "";
       const boundaryMatch = contentType.match(/boundary=(.+)/i);
       if (!boundaryMatch) {
-        setJson2(res, 400, { error: "Missing multipart boundary" });
+        setJson3(res, 400, { error: "Missing multipart boundary" });
         return;
       }
       const boundary = boundaryMatch[1];
@@ -1481,21 +2142,21 @@ function handleFileUpload(req, res) {
         break;
       }
       if (!fileData) {
-        setJson2(res, 400, { error: "No file in request" });
+        setJson3(res, 400, { error: "No file in request" });
         return;
       }
-      const uploadDir = join2(tmpdir2(), "codex-web-uploads");
-      await mkdir2(uploadDir, { recursive: true });
-      const destDir = await mkdtemp2(join2(uploadDir, "f-"));
-      const destPath = join2(destDir, fileName);
-      await writeFile2(destPath, fileData);
-      setJson2(res, 200, { path: destPath });
+      const uploadDir = join3(tmpdir3(), "codex-web-uploads");
+      await mkdir3(uploadDir, { recursive: true });
+      const destDir = await mkdtemp3(join3(uploadDir, "f-"));
+      const destPath = join3(destDir, fileName);
+      await writeFile3(destPath, fileData);
+      setJson3(res, 200, { path: destPath });
     } catch (err) {
-      setJson2(res, 500, { error: getErrorMessage2(err, "Upload failed") });
+      setJson3(res, 500, { error: getErrorMessage3(err, "Upload failed") });
     }
   });
   req.on("error", (err) => {
-    setJson2(res, 500, { error: getErrorMessage2(err, "Upload stream error") });
+    setJson3(res, 500, { error: getErrorMessage3(err, "Upload stream error") });
   });
 }
 async function proxyTranscribe(body, contentType, authToken, accountId) {
@@ -1547,7 +2208,7 @@ var AppServerProcess = class {
   start() {
     if (this.process) return;
     this.stopping = false;
-    const proc = spawn2("codex", this.appServerArgs, { stdio: ["pipe", "pipe", "pipe"] });
+    const proc = spawn3("codex", this.appServerArgs, { stdio: ["pipe", "pipe", "pipe"] });
     this.process = proc;
     proc.stdout.setEncoding("utf8");
     proc.stdout.on("data", (chunk) => {
@@ -1566,6 +2227,9 @@ var AppServerProcess = class {
     proc.stderr.on("data", () => {
     });
     proc.on("exit", () => {
+      if (this.process !== proc) {
+        return;
+      }
       const failure = new Error(this.stopping ? "codex app-server stopped" : "codex app-server exited unexpectedly");
       for (const request of this.pending.values()) {
         request.reject(failure);
@@ -1641,7 +2305,7 @@ var AppServerProcess = class {
     }
     this.pendingServerRequests.delete(requestId);
     this.sendServerRequestReply(requestId, reply);
-    const requestParams = asRecord2(pendingRequest.params);
+    const requestParams = asRecord3(pendingRequest.params);
     const threadId = typeof requestParams?.threadId === "string" && requestParams.threadId.length > 0 ? requestParams.threadId : "";
     this.emitNotification({
       method: "server/request/resolved",
@@ -1717,7 +2381,7 @@ var AppServerProcess = class {
   }
   async respondToServerRequest(payload) {
     await this.ensureInitialized();
-    const body = asRecord2(payload);
+    const body = asRecord3(payload);
     if (!body) {
       throw new Error("Invalid response payload: expected object");
     }
@@ -1725,7 +2389,7 @@ var AppServerProcess = class {
     if (typeof id !== "number" || !Number.isInteger(id)) {
       throw new Error('Invalid response payload: "id" must be an integer');
     }
-    const rawError = asRecord2(body.error);
+    const rawError = asRecord3(body.error);
     if (rawError) {
       const message = typeof rawError.message === "string" && rawError.message.trim().length > 0 ? rawError.message.trim() : "Server request rejected by client";
       const code = typeof rawError.code === "number" && Number.isFinite(rawError.code) ? Math.trunc(rawError.code) : -32e3;
@@ -1780,7 +2444,7 @@ var MethodCatalog = class {
   }
   async runGenerateSchemaCommand(outDir) {
     await new Promise((resolve2, reject) => {
-      const process2 = spawn2("codex", ["app-server", "generate-json-schema", "--out", outDir], {
+      const process2 = spawn3("codex", ["app-server", "generate-json-schema", "--out", outDir], {
         stdio: ["ignore", "ignore", "pipe"]
       });
       let stderr = "";
@@ -1799,13 +2463,13 @@ var MethodCatalog = class {
     });
   }
   extractMethodsFromClientRequest(payload) {
-    const root = asRecord2(payload);
+    const root = asRecord3(payload);
     const oneOf = Array.isArray(root?.oneOf) ? root.oneOf : [];
     const methods = /* @__PURE__ */ new Set();
     for (const entry of oneOf) {
-      const row = asRecord2(entry);
-      const properties = asRecord2(row?.properties);
-      const methodDef = asRecord2(properties?.method);
+      const row = asRecord3(entry);
+      const properties = asRecord3(row?.properties);
+      const methodDef = asRecord3(properties?.method);
       const methodEnum = Array.isArray(methodDef?.enum) ? methodDef.enum : [];
       for (const item of methodEnum) {
         if (typeof item === "string" && item.length > 0) {
@@ -1816,13 +2480,13 @@ var MethodCatalog = class {
     return Array.from(methods).sort((a, b) => a.localeCompare(b));
   }
   extractMethodsFromServerNotification(payload) {
-    const root = asRecord2(payload);
+    const root = asRecord3(payload);
     const oneOf = Array.isArray(root?.oneOf) ? root.oneOf : [];
     const methods = /* @__PURE__ */ new Set();
     for (const entry of oneOf) {
-      const row = asRecord2(entry);
-      const properties = asRecord2(row?.properties);
-      const methodDef = asRecord2(properties?.method);
+      const row = asRecord3(entry);
+      const properties = asRecord3(row?.properties);
+      const methodDef = asRecord3(properties?.method);
       const methodEnum = Array.isArray(methodDef?.enum) ? methodDef.enum : [];
       for (const item of methodEnum) {
         if (typeof item === "string" && item.length > 0) {
@@ -1836,10 +2500,10 @@ var MethodCatalog = class {
     if (this.methodCache) {
       return this.methodCache;
     }
-    const outDir = await mkdtemp2(join2(tmpdir2(), "codex-web-local-schema-"));
+    const outDir = await mkdtemp3(join3(tmpdir3(), "codex-web-local-schema-"));
     await this.runGenerateSchemaCommand(outDir);
-    const clientRequestPath = join2(outDir, "ClientRequest.json");
-    const raw = await readFile2(clientRequestPath, "utf8");
+    const clientRequestPath = join3(outDir, "ClientRequest.json");
+    const raw = await readFile3(clientRequestPath, "utf8");
     const parsed = JSON.parse(raw);
     const methods = this.extractMethodsFromClientRequest(parsed);
     this.methodCache = methods;
@@ -1849,10 +2513,10 @@ var MethodCatalog = class {
     if (this.notificationCache) {
       return this.notificationCache;
     }
-    const outDir = await mkdtemp2(join2(tmpdir2(), "codex-web-local-schema-"));
+    const outDir = await mkdtemp3(join3(tmpdir3(), "codex-web-local-schema-"));
     await this.runGenerateSchemaCommand(outDir);
-    const serverNotificationPath = join2(outDir, "ServerNotification.json");
-    const raw = await readFile2(serverNotificationPath, "utf8");
+    const serverNotificationPath = join3(outDir, "ServerNotification.json");
+    const raw = await readFile3(serverNotificationPath, "utf8");
     const parsed = JSON.parse(raw);
     const methods = this.extractMethodsFromServerNotification(parsed);
     this.notificationCache = methods;
@@ -1882,7 +2546,7 @@ async function loadAllThreadsForSearch(appServer) {
   const threads = [];
   let cursor = null;
   do {
-    const response = asRecord2(await appServer.rpc("thread/list", {
+    const response = asRecord3(await appServer.rpc("thread/list", {
       archived: false,
       limit: 100,
       sortKey: "updated_at",
@@ -1890,7 +2554,7 @@ async function loadAllThreadsForSearch(appServer) {
     }));
     const data = Array.isArray(response?.data) ? response.data : [];
     for (const row of data) {
-      const record = asRecord2(row);
+      const record = asRecord3(row);
       const id = typeof record?.id === "string" ? record.id : "";
       if (!id) continue;
       const title = typeof record?.name === "string" && record.name.trim().length > 0 ? record.name.trim() : typeof record?.preview === "string" && record.preview.trim().length > 0 ? record.preview.trim() : "Untitled thread";
@@ -1962,6 +2626,9 @@ function createCodexBridgeMiddleware() {
         return;
       }
       const url = new URL(req.url, "http://localhost");
+      if (await handleAccountRoutes(req, res, url, { appServer })) {
+        return;
+      }
       if (await handleSkillsRoutes(req, res, url, { appServer, readJsonBody })) {
         return;
       }
@@ -1971,19 +2638,19 @@ function createCodexBridgeMiddleware() {
       }
       if (req.method === "POST" && url.pathname === "/codex-api/rpc") {
         const payload = await readJsonBody(req);
-        const body = asRecord2(payload);
+        const body = asRecord3(payload);
         if (!body || typeof body.method !== "string" || body.method.length === 0) {
-          setJson2(res, 400, { error: "Invalid body: expected { method, params? }" });
+          setJson3(res, 400, { error: "Invalid body: expected { method, params? }" });
           return;
         }
         const result = await appServer.rpc(body.method, body.params ?? null);
-        setJson2(res, 200, { result });
+        setJson3(res, 200, { result });
         return;
       }
       if (req.method === "POST" && url.pathname === "/codex-api/transcribe") {
         const auth = await readCodexAuth();
         if (!auth) {
-          setJson2(res, 401, { error: "No auth token available for transcription" });
+          setJson3(res, 401, { error: "No auth token available for transcription" });
           return;
         }
         const rawBody = await readRawBody(req);
@@ -1997,48 +2664,48 @@ function createCodexBridgeMiddleware() {
       if (req.method === "POST" && url.pathname === "/codex-api/server-requests/respond") {
         const payload = await readJsonBody(req);
         await appServer.respondToServerRequest(payload);
-        setJson2(res, 200, { ok: true });
+        setJson3(res, 200, { ok: true });
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/server-requests/pending") {
-        setJson2(res, 200, { data: appServer.listPendingServerRequests() });
+        setJson3(res, 200, { data: appServer.listPendingServerRequests() });
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/meta/methods") {
         const methods = await methodCatalog.listMethods();
-        setJson2(res, 200, { data: methods });
+        setJson3(res, 200, { data: methods });
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/meta/notifications") {
         const methods = await methodCatalog.listNotificationMethods();
-        setJson2(res, 200, { data: methods });
+        setJson3(res, 200, { data: methods });
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/workspace-roots-state") {
         const state = await readWorkspaceRootsState();
-        setJson2(res, 200, { data: state });
+        setJson3(res, 200, { data: state });
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/home-directory") {
-        setJson2(res, 200, { data: { path: homedir2() } });
+        setJson3(res, 200, { data: { path: homedir3() } });
         return;
       }
       if (req.method === "POST" && url.pathname === "/codex-api/worktree/create") {
-        const payload = asRecord2(await readJsonBody(req));
+        const payload = asRecord3(await readJsonBody(req));
         const rawSourceCwd = typeof payload?.sourceCwd === "string" ? payload.sourceCwd.trim() : "";
         if (!rawSourceCwd) {
-          setJson2(res, 400, { error: "Missing sourceCwd" });
+          setJson3(res, 400, { error: "Missing sourceCwd" });
           return;
         }
         const sourceCwd = isAbsolute(rawSourceCwd) ? rawSourceCwd : resolve(rawSourceCwd);
         try {
-          const sourceInfo = await stat2(sourceCwd);
+          const sourceInfo = await stat3(sourceCwd);
           if (!sourceInfo.isDirectory()) {
-            setJson2(res, 400, { error: "sourceCwd is not a directory" });
+            setJson3(res, 400, { error: "sourceCwd is not a directory" });
             return;
           }
         } catch {
-          setJson2(res, 404, { error: "sourceCwd does not exist" });
+          setJson3(res, 404, { error: "sourceCwd does not exist" });
           return;
         }
         try {
@@ -2051,21 +2718,21 @@ function createCodexBridgeMiddleware() {
             gitRoot = await runCommandCapture("git", ["rev-parse", "--show-toplevel"], { cwd: sourceCwd });
           }
           const repoName = basename(gitRoot) || "repo";
-          const worktreesRoot = join2(getCodexHomeDir2(), "worktrees");
-          await mkdir2(worktreesRoot, { recursive: true });
+          const worktreesRoot = join3(getCodexHomeDir3(), "worktrees");
+          await mkdir3(worktreesRoot, { recursive: true });
           let worktreeId = "";
           let worktreeParent = "";
           let worktreeCwd = "";
           for (let attempt = 0; attempt < 12; attempt += 1) {
             const candidate = randomBytes(2).toString("hex");
-            const parent = join2(worktreesRoot, candidate);
+            const parent = join3(worktreesRoot, candidate);
             try {
-              await stat2(parent);
+              await stat3(parent);
               continue;
             } catch {
               worktreeId = candidate;
               worktreeParent = parent;
-              worktreeCwd = join2(parent, repoName);
+              worktreeCwd = join3(parent, repoName);
               break;
             }
           }
@@ -2073,7 +2740,7 @@ function createCodexBridgeMiddleware() {
             throw new Error("Failed to allocate a unique worktree id");
           }
           const branch = `codex/${worktreeId}`;
-          await mkdir2(worktreeParent, { recursive: true });
+          await mkdir3(worktreeParent, { recursive: true });
           try {
             await runCommand2("git", ["worktree", "add", "-b", branch, worktreeCwd, "HEAD"], { cwd: gitRoot });
           } catch (error) {
@@ -2081,7 +2748,7 @@ function createCodexBridgeMiddleware() {
             await ensureRepoHasInitialCommit(gitRoot);
             await runCommand2("git", ["worktree", "add", "-b", branch, worktreeCwd, "HEAD"], { cwd: gitRoot });
           }
-          setJson2(res, 200, {
+          setJson3(res, 200, {
             data: {
               cwd: worktreeCwd,
               branch,
@@ -2089,15 +2756,15 @@ function createCodexBridgeMiddleware() {
             }
           });
         } catch (error) {
-          setJson2(res, 500, { error: getErrorMessage2(error, "Failed to create worktree") });
+          setJson3(res, 500, { error: getErrorMessage3(error, "Failed to create worktree") });
         }
         return;
       }
       if (req.method === "PUT" && url.pathname === "/codex-api/workspace-roots-state") {
         const payload = await readJsonBody(req);
-        const record = asRecord2(payload);
+        const record = asRecord3(payload);
         if (!record) {
-          setJson2(res, 400, { error: "Invalid body: expected object" });
+          setJson3(res, 400, { error: "Invalid body: expected object" });
           return;
         }
         const nextState = {
@@ -2106,33 +2773,33 @@ function createCodexBridgeMiddleware() {
           active: normalizeStringArray(record.active)
         };
         await writeWorkspaceRootsState(nextState);
-        setJson2(res, 200, { ok: true });
+        setJson3(res, 200, { ok: true });
         return;
       }
       if (req.method === "POST" && url.pathname === "/codex-api/project-root") {
-        const payload = asRecord2(await readJsonBody(req));
+        const payload = asRecord3(await readJsonBody(req));
         const rawPath = typeof payload?.path === "string" ? payload.path.trim() : "";
         const createIfMissing = payload?.createIfMissing === true;
         const label = typeof payload?.label === "string" ? payload.label : "";
         if (!rawPath) {
-          setJson2(res, 400, { error: "Missing path" });
+          setJson3(res, 400, { error: "Missing path" });
           return;
         }
         const normalizedPath = isAbsolute(rawPath) ? rawPath : resolve(rawPath);
         let pathExists = true;
         try {
-          const info = await stat2(normalizedPath);
+          const info = await stat3(normalizedPath);
           if (!info.isDirectory()) {
-            setJson2(res, 400, { error: "Path exists but is not a directory" });
+            setJson3(res, 400, { error: "Path exists but is not a directory" });
             return;
           }
         } catch {
           pathExists = false;
         }
         if (!pathExists && createIfMissing) {
-          await mkdir2(normalizedPath, { recursive: true });
+          await mkdir3(normalizedPath, { recursive: true });
         } else if (!pathExists) {
-          setJson2(res, 404, { error: "Directory does not exist" });
+          setJson3(res, 404, { error: "Directory does not exist" });
           return;
         }
         const existingState = await readWorkspaceRootsState();
@@ -2147,103 +2814,103 @@ function createCodexBridgeMiddleware() {
           labels: nextLabels,
           active: nextActive
         });
-        setJson2(res, 200, { data: { path: normalizedPath } });
+        setJson3(res, 200, { data: { path: normalizedPath } });
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/project-root-suggestion") {
         const basePath = url.searchParams.get("basePath")?.trim() ?? "";
         if (!basePath) {
-          setJson2(res, 400, { error: "Missing basePath" });
+          setJson3(res, 400, { error: "Missing basePath" });
           return;
         }
         const normalizedBasePath = isAbsolute(basePath) ? basePath : resolve(basePath);
         try {
-          const baseInfo = await stat2(normalizedBasePath);
+          const baseInfo = await stat3(normalizedBasePath);
           if (!baseInfo.isDirectory()) {
-            setJson2(res, 400, { error: "basePath is not a directory" });
+            setJson3(res, 400, { error: "basePath is not a directory" });
             return;
           }
         } catch {
-          setJson2(res, 404, { error: "basePath does not exist" });
+          setJson3(res, 404, { error: "basePath does not exist" });
           return;
         }
         let index = 1;
         while (index < 1e5) {
           const candidateName = `New Project (${String(index)})`;
-          const candidatePath = join2(normalizedBasePath, candidateName);
+          const candidatePath = join3(normalizedBasePath, candidateName);
           try {
-            await stat2(candidatePath);
+            await stat3(candidatePath);
             index += 1;
             continue;
           } catch {
-            setJson2(res, 200, { data: { name: candidateName, path: candidatePath } });
+            setJson3(res, 200, { data: { name: candidateName, path: candidatePath } });
             return;
           }
         }
-        setJson2(res, 500, { error: "Failed to compute project name suggestion" });
+        setJson3(res, 500, { error: "Failed to compute project name suggestion" });
         return;
       }
       if (req.method === "POST" && url.pathname === "/codex-api/composer-file-search") {
-        const payload = asRecord2(await readJsonBody(req));
+        const payload = asRecord3(await readJsonBody(req));
         const rawCwd = typeof payload?.cwd === "string" ? payload.cwd.trim() : "";
         const query = typeof payload?.query === "string" ? payload.query.trim() : "";
         const limitRaw = typeof payload?.limit === "number" ? payload.limit : 20;
         const limit = Math.max(1, Math.min(100, Math.floor(limitRaw)));
         if (!rawCwd) {
-          setJson2(res, 400, { error: "Missing cwd" });
+          setJson3(res, 400, { error: "Missing cwd" });
           return;
         }
         const cwd = isAbsolute(rawCwd) ? rawCwd : resolve(rawCwd);
         try {
-          const info = await stat2(cwd);
+          const info = await stat3(cwd);
           if (!info.isDirectory()) {
-            setJson2(res, 400, { error: "cwd is not a directory" });
+            setJson3(res, 400, { error: "cwd is not a directory" });
             return;
           }
         } catch {
-          setJson2(res, 404, { error: "cwd does not exist" });
+          setJson3(res, 404, { error: "cwd does not exist" });
           return;
         }
         try {
           const files = await listFilesWithRipgrep(cwd);
           const scored = files.map((path) => ({ path, score: scoreFileCandidate(path, query) })).filter((row) => query.length === 0 || row.score < 10).sort((a, b) => a.score - b.score || a.path.localeCompare(b.path)).slice(0, limit).map((row) => ({ path: row.path }));
-          setJson2(res, 200, { data: scored });
+          setJson3(res, 200, { data: scored });
         } catch (error) {
-          setJson2(res, 500, { error: getErrorMessage2(error, "Failed to search files") });
+          setJson3(res, 500, { error: getErrorMessage3(error, "Failed to search files") });
         }
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/thread-titles") {
         const cache = await readThreadTitleCache();
-        setJson2(res, 200, { data: cache });
+        setJson3(res, 200, { data: cache });
         return;
       }
       if (req.method === "POST" && url.pathname === "/codex-api/thread-search") {
-        const payload = asRecord2(await readJsonBody(req));
+        const payload = asRecord3(await readJsonBody(req));
         const query = typeof payload?.query === "string" ? payload.query.trim() : "";
         const limitRaw = typeof payload?.limit === "number" ? payload.limit : 200;
         const limit = Math.max(1, Math.min(1e3, Math.floor(limitRaw)));
         if (!query) {
-          setJson2(res, 200, { data: { threadIds: [], indexedThreadCount: 0 } });
+          setJson3(res, 200, { data: { threadIds: [], indexedThreadCount: 0 } });
           return;
         }
         const index = await getThreadSearchIndex();
         const matchedIds = Array.from(index.docsById.entries()).filter(([, doc]) => isExactPhraseMatch(query, doc)).slice(0, limit).map(([id]) => id);
-        setJson2(res, 200, { data: { threadIds: matchedIds, indexedThreadCount: index.docsById.size } });
+        setJson3(res, 200, { data: { threadIds: matchedIds, indexedThreadCount: index.docsById.size } });
         return;
       }
       if (req.method === "PUT" && url.pathname === "/codex-api/thread-titles") {
-        const payload = asRecord2(await readJsonBody(req));
+        const payload = asRecord3(await readJsonBody(req));
         const id = typeof payload?.id === "string" ? payload.id : "";
         const title = typeof payload?.title === "string" ? payload.title : "";
         if (!id) {
-          setJson2(res, 400, { error: "Missing id" });
+          setJson3(res, 400, { error: "Missing id" });
           return;
         }
         const cache = await readThreadTitleCache();
         const next2 = title ? updateThreadTitleCache(cache, id, title) : removeFromThreadTitleCache(cache, id);
         await writeThreadTitleCache(next2);
-        setJson2(res, 200, { ok: true });
+        setJson3(res, 200, { ok: true });
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/events") {
@@ -2278,8 +2945,8 @@ data: ${JSON.stringify({ ok: true })}
       }
       next();
     } catch (error) {
-      const message = getErrorMessage2(error, "Unknown bridge error");
-      setJson2(res, 502, { error: message });
+      const message = getErrorMessage3(error, "Unknown bridge error");
+      setJson3(res, 502, { error: message });
     }
   };
   middleware.dispose = () => {
@@ -2416,8 +3083,8 @@ function createAuthSession(password) {
 }
 
 // src/server/localBrowseUi.ts
-import { dirname, extname, join as join3 } from "path";
-import { open, readFile as readFile3, readdir as readdir3, stat as stat3 } from "fs/promises";
+import { dirname, extname, join as join4 } from "path";
+import { open, readFile as readFile4, readdir as readdir3, stat as stat4 } from "fs/promises";
 var TEXT_EDITABLE_EXTENSIONS = /* @__PURE__ */ new Set([
   ".txt",
   ".md",
@@ -2532,7 +3199,7 @@ async function probeFileIsText(localPath) {
 async function isTextEditableFile(localPath) {
   if (isTextEditablePath(localPath)) return true;
   try {
-    const fileStat = await stat3(localPath);
+    const fileStat = await stat4(localPath);
     if (!fileStat.isFile()) return false;
     return await probeFileIsText(localPath);
   } catch {
@@ -2554,8 +3221,8 @@ function escapeForInlineScriptString(value) {
 async function getDirectoryItems(localPath) {
   const entries = await readdir3(localPath, { withFileTypes: true });
   const withMeta = await Promise.all(entries.map(async (entry) => {
-    const entryPath = join3(localPath, entry.name);
-    const entryStat = await stat3(entryPath);
+    const entryPath = join4(localPath, entry.name);
+    const entryStat = await stat4(entryPath);
     const editable = !entry.isDirectory() && await isTextEditableFile(entryPath);
     return {
       name: entry.name,
@@ -2613,7 +3280,7 @@ async function createDirectoryListingHtml(localPath) {
 </html>`;
 }
 async function createTextEditorHtml(localPath) {
-  const content = await readFile3(localPath, "utf8");
+  const content = await readFile4(localPath, "utf8");
   const parentPath = dirname(localPath);
   const language = languageForPath(localPath);
   const safeContentLiteral = escapeForInlineScriptString(content);
@@ -2684,8 +3351,8 @@ async function createTextEditorHtml(localPath) {
 // src/server/httpServer.ts
 import { WebSocketServer } from "ws";
 var __dirname = dirname2(fileURLToPath(import.meta.url));
-var distDir = join4(__dirname, "..", "dist");
-var spaEntryFile = join4(distDir, "index.html");
+var distDir = join5(__dirname, "..", "dist");
+var spaEntryFile = join5(distDir, "index.html");
 var IMAGE_CONTENT_TYPES = {
   ".avif": "image/avif",
   ".bmp": "image/bmp",
@@ -2762,7 +3429,7 @@ function createServer(options = {}) {
       return;
     }
     try {
-      const fileStat = await stat4(localPath);
+      const fileStat = await stat5(localPath);
       res.setHeader("Cache-Control", "private, no-store");
       if (fileStat.isDirectory()) {
         const html = await createDirectoryListingHtml(localPath);
@@ -2785,7 +3452,7 @@ function createServer(options = {}) {
       return;
     }
     try {
-      const fileStat = await stat4(localPath);
+      const fileStat = await stat5(localPath);
       if (!fileStat.isFile()) {
         res.status(400).json({ error: "Expected file path." });
         return;
@@ -2809,7 +3476,7 @@ function createServer(options = {}) {
     }
     const body = typeof req.body === "string" ? req.body : "";
     try {
-      await writeFile3(localPath, body, "utf8");
+      await writeFile4(localPath, body, "utf8");
       res.status(200).json({ ok: true });
     } catch {
       res.status(404).json({ error: "File not found." });
@@ -2889,8 +3556,8 @@ var program = new Command().name("codexui").description("Web interface for Codex
 var __dirname2 = dirname3(fileURLToPath2(import.meta.url));
 async function readCliVersion() {
   try {
-    const packageJsonPath = join5(__dirname2, "..", "package.json");
-    const raw = await readFile4(packageJsonPath, "utf8");
+    const packageJsonPath = join6(__dirname2, "..", "package.json");
+    const raw = await readFile5(packageJsonPath, "utf8");
     const parsed = JSON.parse(raw);
     return typeof parsed.version === "string" ? parsed.version : "unknown";
   } catch {
@@ -2915,13 +3582,13 @@ function runWithStatus(command, args) {
   return result.status ?? -1;
 }
 function getUserNpmPrefix() {
-  return join5(homedir3(), ".npm-global");
+  return join6(homedir4(), ".npm-global");
 }
 function resolveCodexCommand() {
   if (canRun("codex", ["--version"])) {
     return "codex";
   }
-  const userCandidate = join5(getUserNpmPrefix(), "bin", "codex");
+  const userCandidate = join6(getUserNpmPrefix(), "bin", "codex");
   if (existsSync3(userCandidate) && canRun(userCandidate, ["--version"])) {
     return userCandidate;
   }
@@ -2929,7 +3596,7 @@ function resolveCodexCommand() {
   if (!prefix) {
     return null;
   }
-  const candidate = join5(prefix, "bin", "codex");
+  const candidate = join6(prefix, "bin", "codex");
   if (existsSync3(candidate) && canRun(candidate, ["--version"])) {
     return candidate;
   }
@@ -2939,7 +3606,7 @@ function resolveCloudflaredCommand() {
   if (canRun("cloudflared", ["--version"])) {
     return "cloudflared";
   }
-  const localCandidate = join5(homedir3(), ".local", "bin", "cloudflared");
+  const localCandidate = join6(homedir4(), ".local", "bin", "cloudflared");
   if (existsSync3(localCandidate) && canRun(localCandidate, ["--version"])) {
     return localCandidate;
   }
@@ -2993,9 +3660,9 @@ async function ensureCloudflaredInstalledLinux() {
   if (!mappedArch) {
     throw new Error(`cloudflared auto-install is not supported for Linux architecture: ${process.arch}`);
   }
-  const userBinDir = join5(homedir3(), ".local", "bin");
+  const userBinDir = join6(homedir4(), ".local", "bin");
   mkdirSync(userBinDir, { recursive: true });
-  const destination = join5(userBinDir, "cloudflared");
+  const destination = join6(userBinDir, "cloudflared");
   const downloadUrl = `https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-${mappedArch}`;
   console.log("\ncloudflared not found. Installing to ~/.local/bin...\n");
   await downloadFile(downloadUrl, destination);
@@ -3034,8 +3701,8 @@ async function resolveCloudflaredForTunnel() {
   return ensureCloudflaredInstalledLinux();
 }
 function hasCodexAuth() {
-  const codexHome = process.env.CODEX_HOME?.trim() || join5(homedir3(), ".codex");
-  return existsSync3(join5(codexHome, "auth.json"));
+  const codexHome = process.env.CODEX_HOME?.trim() || join6(homedir4(), ".codex");
+  return existsSync3(join6(codexHome, "auth.json"));
 }
 function ensureCodexInstalled() {
   let codexCommand = resolveCodexCommand();
@@ -3053,7 +3720,7 @@ function ensureCodexInstalled() {
 Global npm install requires elevated permissions. Retrying with --prefix ${userPrefix}...
 `);
       runOrFail("npm", ["install", "-g", "--prefix", userPrefix, pkg], `${label} (user prefix)`);
-      process.env.PATH = `${join5(userPrefix, "bin")}:${process.env.PATH ?? ""}`;
+      process.env.PATH = `${join6(userPrefix, "bin")}:${process.env.PATH ?? ""}`;
     };
     if (isTermuxRuntime()) {
       console.log("\nCodex CLI not found. Installing Termux-compatible Codex CLI from npm...\n");
@@ -3102,7 +3769,7 @@ function printTermuxKeepAlive(lines) {
 }
 function openBrowser(url) {
   const command = process.platform === "darwin" ? { cmd: "open", args: [url] } : process.platform === "win32" ? { cmd: "cmd", args: ["/c", "start", "", url] } : { cmd: "xdg-open", args: [url] };
-  const child = spawn3(command.cmd, command.args, { detached: true, stdio: "ignore" });
+  const child = spawn4(command.cmd, command.args, { detached: true, stdio: "ignore" });
   child.on("error", () => {
   });
   child.unref();
@@ -3134,7 +3801,7 @@ function getAccessibleUrls(port) {
 }
 async function startCloudflaredTunnel(command, localPort) {
   return new Promise((resolve2, reject) => {
-    const child = spawn3(command, ["tunnel", "--url", `http://localhost:${String(localPort)}`], {
+    const child = spawn4(command, ["tunnel", "--url", `http://localhost:${String(localPort)}`], {
       stdio: ["ignore", "pipe", "pipe"]
     });
     const timeout = setTimeout(() => {